and in case anyone missed it.. this was my very first serious XSS.. yes.. you people are rubbing off on me.. when I first got here a couple of days ago (embellishing just a tad), I knew nothing about XSS, CSRF, SQLi, etc.. but with your virtuous teachings through magnificent postings and through computer osmosis, it's begun to stick. So this vuln can only be credited to all of you, the posters to this board.. Thank you!